Between August 1, 2014 and July 31, 2015, the Defense Department addressed 93 of 229 cyber recommendations, according to a summary of a new audit released by the inspector general's office.
The Pentagon left the remaining 136 recommendations unresolved. All of the recommendations "required management action," the summary said.
During the one-year-span, the Government Accountability Office and DoD's own auditing groups released 20 reports and testimony covering cybersecurity weaknesses including in risk management, identity and access management, and contingency planning, according to the summary.
Last month, Terry Halvorsen, the Pentagon's chief information officer said it wants to eventually automate cyber defense. For now, officials are tackling simpler tasks, including automatically patching updates.
"At a certain point, I want to be able to have some cyber defense completely automated where a certain set of conditions occur, and the system takes its own response," Halvorsen said.
The release of the report's summary follows remarks from Admiral Michael Rogers, Cyber Command chief, who said the Pentagon's former practice of connecting networks, equipment, and weapons to the open Internet has unintentionally created major vulnerabilities throughout the DoD.
The strategy has jeopardized Pentagon networks and much of what the defense industry has developed over several decades, Rogers told the Senate Armed Services Committee on Tuesday.